restic: Trust dch-root-ca certificate
Since the MinIO server that Restic uses to store snapshots has a certificate signed by the DCH CA, we need to trust the root certificate in order to communicate with it. Existing servers already had this CA trusted by the `pyrocufflink.yml` playbook, but new servers are not (usually) AD domain members anymore, so we need to be explicit now.
This commit is contained in:
@@ -1,5 +1,10 @@
|
|||||||
- hosts: restic
|
- hosts: restic
|
||||||
roles:
|
roles:
|
||||||
|
- role: trustca
|
||||||
|
ca: dch-root-ca-r2
|
||||||
|
tags:
|
||||||
|
- trustca
|
||||||
|
- dch-root-ca
|
||||||
- role: restic
|
- role: restic
|
||||||
tags:
|
tags:
|
||||||
- restic
|
- restic
|
||||||
|
|||||||
Reference in New Issue
Block a user